From: Richard Henderson <richard.henderson@linaro.org>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: qemu-devel@nongnu.org, berrange@redhat.com, qemu-arm@nongnu.org,
qemu-ppc@nongnu.org, qemu-riscv@nongnu.org, pbonzini@redhat.com
Subject: Re: [PATCH 31/35] host/include/aarch64: Implement aes-round.h
Date: Sat, 3 Jun 2023 09:01:37 -0700 [thread overview]
Message-ID: <c9e2980e-54bd-1b25-60b9-3351417aaecd@linaro.org> (raw)
In-Reply-To: <CAMj1kXE5SKJS9YRuV6H3z84JvSMHDBkFWVuue8yMyYVK7TVkSw@mail.gmail.com>
On 6/3/23 05:50, Ard Biesheuvel wrote:
> On Sat, 3 Jun 2023 at 04:34, Richard Henderson
> <richard.henderson@linaro.org> wrote:
>>
>> Detect AES in cpuinfo; implement the accel hooks.
>>
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>> ---
>> host/include/aarch64/host/aes-round.h | 204 ++++++++++++++++++++++++++
>> host/include/aarch64/host/cpuinfo.h | 1 +
>> util/cpuinfo-aarch64.c | 2 +
>> 3 files changed, 207 insertions(+)
>> create mode 100644 host/include/aarch64/host/aes-round.h
>>
>> diff --git a/host/include/aarch64/host/aes-round.h b/host/include/aarch64/host/aes-round.h
>> new file mode 100644
>> index 0000000000..27ca823db6
>> --- /dev/null
>> +++ b/host/include/aarch64/host/aes-round.h
>> @@ -0,0 +1,204 @@
>> +/*
>> + * AArch64 specific aes acceleration.
>> + * SPDX-License-Identifier: GPL-2.0-or-later
>> + */
>> +
>> +#ifndef HOST_AES_ROUND_H
>> +#define HOST_AES_ROUND_H
>> +
>> +#include "host/cpuinfo.h"
>> +#include <arm_neon.h>
>> +
>> +#ifdef __ARM_FEATURE_AES
>> +# define HAVE_AES_ACCEL true
>> +# define ATTR_AES_ACCEL
>> +#else
>> +# define HAVE_AES_ACCEL likely(cpuinfo & CPUINFO_AES)
>> +# define ATTR_AES_ACCEL __attribute__((target("+crypto")))
>> +#endif
>> +
>> +static inline uint8x16_t aes_accel_bswap(uint8x16_t x)
>> +{
>> + /* No arm_neon.h primitive, and the compilers don't share builtins. */
>
> vqtbl1q_u8() perhaps?
Ah, yes, thanks.
>> +static inline uint8x16_t aes_accel_aesmc(uint8x16_t d)
>> +{
>> + asm(".arch_extension aes\n\t"
>> + "aesmc %0.16b, %1.16b" : "=w"(d) : "w"(d));
>
>
> Most ARM cores fuse aese/aesmc into a single uop (with the associated
> performance boost) if the pattern is
>
> aese x, y
> aesmc x,x
>
> aesd x, y
> aesimc x,x
>
> So it might make sense to use +w here at least, and use only a single
> register (which the compiler will likely do in any case, but still)
>
> I would assume that the compiler cannot issue these separately based
> on the sequences below, but if it might, it may be worth it to emit
> the aese/aesmc together in a single asm() block
There could be shuffling. It's low probability, but possible.
I really should move the builtin test to meson, as clang-16 fixes the builtin visibility
issue. I can see that gcc knows fusion of these pairs; I assume clang does as well, but I
don't know the code base well enough to check.
I suppose it's going to be years until clang-16 can be assumed, as Debian bookworm is to
be released this month with clang-14. So it's probably worth spending a few more minutes
on this now.
r~
next prev parent reply other threads:[~2023-06-03 16:02 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-03 2:33 [PATCH 00/35] crypto: Provide aes-round.h and host accel Richard Henderson
2023-06-03 2:33 ` [PATCH 01/35] tests/multiarch: Add test-aes Richard Henderson
2023-06-03 2:33 ` [PATCH 02/35] target/arm: Move aesmc and aesimc tables to crypto/aes.c Richard Henderson
2023-06-03 12:45 ` Ard Biesheuvel
2023-06-03 15:21 ` Richard Henderson
2023-06-05 10:45 ` Philippe Mathieu-Daudé
2023-06-05 11:01 ` Philippe Mathieu-Daudé
2023-06-03 2:33 ` [PATCH 03/35] crypto/aes: Add constants for ShiftRows, InvShiftRows Richard Henderson
2023-06-05 10:46 ` Philippe Mathieu-Daudé
2023-06-03 2:33 ` [PATCH 04/35] crypto: Add aesenc_SB_SR Richard Henderson
2023-06-03 13:15 ` Ard Biesheuvel
2023-06-03 15:24 ` Richard Henderson
2023-06-03 2:33 ` [PATCH 05/35] target/i386: Use aesenc_SB_SR Richard Henderson
2023-06-03 2:33 ` [PATCH 06/35] target/arm: Demultiplex AESE and AESMC Richard Henderson
2023-06-05 10:56 ` Philippe Mathieu-Daudé
2023-06-03 2:33 ` [PATCH 07/35] target/arm: Use aesenc_SB_SR Richard Henderson
2023-06-03 2:33 ` [PATCH 08/35] target/ppc: " Richard Henderson
2023-06-03 2:34 ` [PATCH 09/35] target/riscv: " Richard Henderson
2023-06-03 2:34 ` [PATCH 10/35] crypto: Add aesdec_ISB_ISR Richard Henderson
2023-06-03 2:34 ` [PATCH 11/35] target/i386: Use aesdec_ISB_ISR Richard Henderson
2023-06-03 2:34 ` [PATCH 12/35] target/arm: " Richard Henderson
2023-06-03 2:34 ` [PATCH 13/35] target/ppc: " Richard Henderson
2023-06-03 2:34 ` [PATCH 14/35] target/riscv: " Richard Henderson
2023-06-03 2:34 ` [PATCH 15/35] crypto: Add aesenc_MC Richard Henderson
2023-06-03 2:34 ` [PATCH 16/35] target/arm: Use aesenc_MC Richard Henderson
2023-06-03 2:34 ` [PATCH 17/35] crypto: Add aesdec_IMC Richard Henderson
2023-06-03 2:34 ` [PATCH 18/35] target/i386: Use aesdec_IMC Richard Henderson
2023-06-03 2:34 ` [PATCH 19/35] target/arm: " Richard Henderson
2023-06-03 2:34 ` [PATCH 20/35] target/riscv: " Richard Henderson
2023-06-03 2:34 ` [PATCH 21/35] crypto: Add aesenc_SB_SR_MC_AK Richard Henderson
2023-06-03 2:34 ` [PATCH 22/35] target/i386: Use aesenc_SB_SR_MC_AK Richard Henderson
2023-06-03 2:34 ` [PATCH 23/35] target/ppc: " Richard Henderson
2023-06-03 2:34 ` [PATCH 24/35] target/riscv: " Richard Henderson
2023-06-03 2:34 ` [PATCH 25/35] crypto: Add aesdec_ISB_ISR_IMC_AK Richard Henderson
2023-06-03 2:34 ` [PATCH 26/35] target/i386: Use aesdec_ISB_ISR_IMC_AK Richard Henderson
2023-06-03 2:34 ` [PATCH 27/35] target/riscv: " Richard Henderson
2023-06-03 2:34 ` [PATCH 28/35] crypto: Add aesdec_ISB_ISR_AK_IMC Richard Henderson
2023-06-03 2:34 ` [PATCH 29/35] target/ppc: Use aesdec_ISB_ISR_AK_IMC Richard Henderson
2023-06-03 2:34 ` [PATCH 30/35] host/include/i386: Implement aes-round.h Richard Henderson
2023-06-03 2:34 ` [PATCH 31/35] host/include/aarch64: " Richard Henderson
2023-06-03 12:50 ` Ard Biesheuvel
2023-06-03 16:01 ` Richard Henderson [this message]
2023-06-03 2:34 ` [PATCH 32/35] crypto: Remove AES_shifts, AES_ishifts Richard Henderson
2023-06-03 2:34 ` [PATCH 33/35] crypto: Implement aesdec_IMC with AES_imc_rot Richard Henderson
2023-06-03 2:34 ` [PATCH 34/35] crypto: Remove AES_imc Richard Henderson
2023-06-03 2:34 ` [PATCH 35/35] crypto: Unexport AES_*_rot, AES_TeN, AES_TdN Richard Henderson
2023-06-03 13:23 ` [PATCH 00/35] crypto: Provide aes-round.h and host accel Ard Biesheuvel
2023-06-04 10:47 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c9e2980e-54bd-1b25-60b9-3351417aaecd@linaro.org \
--to=richard.henderson@linaro.org \
--cc=ardb@kernel.org \
--cc=berrange@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu-riscv@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).